RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep [v2]
Weijun Wang
weijun at openjdk.org
Wed Apr 23 13:39:00 UTC 2025
> Add more description on password handling into the keytool man page. A link to the man page is now added to the keytool help screen.
>
> When keytool output is redirected into a file or file, a warning is shown:
>
> $ keytool -genkeypair | type
>
> Warning: password will be echoed because output is redirected.
> Enter keystore password: password
> Warning: password will be echoed because output is redirected.
> Re-enter new password:
>
>
> A new manual test is added.
>
> Sorry, we cannot suppress password echoing in this case at the moment because `System.console()` is not available.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
hide warning when password is piped into the command; enhance test
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/24805/files
- new: https://git.openjdk.org/jdk/pull/24805/files/591fd7f2..89ccc41d
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=00-01
Stats: 132 lines in 3 files changed: 54 ins; 52 del; 26 mod
Patch: https://git.openjdk.org/jdk/pull/24805.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/24805/head:pull/24805
PR: https://git.openjdk.org/jdk/pull/24805